I'm not a qualified person on this, but as far as I understand, the suggested proposal allows for cookie like tracking behavior by hacking around a bit.
This will have huge consequences on the transparency of the web however. It is easy to understand which cookies are tracking cookies and which are non tracking because many ad network / websites use self describing names when setting cookies.
Your proposal suggests setting a 256-bit unique value to the token, no matter the use case for setting the state.
Cookies allow for flexibility and limits on the amount of entropy.
Assuming that this gets implemented and over the next 5-10 years gains 99% usage, this makes things opaque. With cookies, privacy conscious users use extensions like Privacy Badger, which uses algorithms to decide which cookies to block and which to allow (deciding which cookies are necessary). Apple's ITP might use a similar algo too.
One of the criteria for blocking tracking cookies is to estimate their entropy. When we have a fixed 256-bit token, it makes things hard to understand because a fixed amount of uniquely identifying information is present for any use case for setting the state.
We all know that the DNT header is disrespected. Cookies in my opinion are a balance between privacy and usability.
tl;dr: The flexibility on the amount of entropy in cookies is a good thing. Cookies in my opinion are a better trade-off between perceived privacy and usability, than the suggested fixed 256-bit token. Cookies also offer more transparency.
I'm not a qualified person on this, but as far as I understand, the suggested proposal allows for cookie like tracking behavior by hacking around a bit.
This will have huge consequences on the transparency of the web however. It is easy to understand which cookies are tracking cookies and which are non tracking because many ad network / websites use self describing names when setting cookies.
Your proposal suggests setting a 256-bit unique value to the token, no matter the use case for setting the state. Cookies allow for flexibility and limits on the amount of entropy.
Assuming that this gets implemented and over the next 5-10 years gains 99% usage, this makes things opaque. With cookies, privacy conscious users use extensions like Privacy Badger, which uses algorithms to decide which cookies to block and which to allow (deciding which cookies are necessary). Apple's ITP might use a similar algo too.
One of the criteria for blocking tracking cookies is to estimate their entropy. When we have a fixed 256-bit token, it makes things hard to understand because a fixed amount of uniquely identifying information is present for any use case for setting the state.
We all know that the DNT header is disrespected. Cookies in my opinion are a balance between privacy and usability.
tl;dr: The flexibility on the amount of entropy in cookies is a good thing. Cookies in my opinion are a better trade-off between perceived privacy and usability, than the suggested fixed 256-bit token. Cookies also offer more transparency.